Re: DT In the news... Government, CyberSecurity, Inter-Agency cooperation


My dad works for the govt and is a systems admin. He used to need TS because of the way things were improperly networked in the 90s, but they finally scaled it back to where he only needed secret. In most cases, Secret or TS are required - it depends on what sort of systems you are dealing with. Since his is operations support/manufacturing sector stuff, he is less likely to run across any super vital info other than parts specifications.

Re: DT In the news... Government, CyberSecurity, Inter-Agency cooperation

I live right outside DC, and whenever I entertain the notion of leaving my cushy overpaid job for a position of challenge and peruse the USAJobs website, all I see is TS/SCI staring me in the face. Is that a requirement for all Gov infosec/SysAdmin positions?

The alternative is that the non-clearance jobs are just getting snapped up fast, and it's the TS/SCI ones that are languishing open for months.

M.

Re: DT In the news... Government, CyberSecurity, Inter-Agency cooperation

My experience working in three of those four is that there is a direct correlation between contact with the public and caring about "tax payer money" as a concept. i.e. The . further away from direct contact with the taxpayers, the less likely they are to give a damn. The part that always amazed me was the bureaucrats who could bitch one moment about their own personal taxes increasing, and then in the next breath be seeking "state funding" or "federal funding" for a pet project. They never seemed to make any connection between the two.

Elected officials are the worst. They think of public money as their own feeding trough, unless being interviewed by the press. Then they express the same sincerity and deep concern about the taxes as they have for any other issue. The lifespan of said issue being until the cameras are off and the reporters are out of sight.

Re: DT In the news... Government, CyberSecurity, Inter-Agency cooperation

The kind of person willing to put on such a circus sideshow is not the same species as a person who administers polygraphs for clearances. The world is very black and white to many people in that world (lord knows I certainly have that feature). It's just a different outlook on things, and I'm not sure that posting in a forum is going to adequately explain those differences.

[edit]

Here's references to the most recent directives governing information security. Please note that this supercedes the DCID 6/3 & co.

http://infosecurity.us/?p=1918

Brought to you by the Office of the Director of National Intelligence. Download and read the PDFs. It will be good for you. There will be a pop quiz tomorrow morning.

This means that my years of memorizing the pertinent portions of the 6/3 were all for naught. As an amusement, my current signature is from a security plan.

Re: DT In the news... Government, CyberSecurity, Inter-Agency cooperation

I'm working some gov agency contracts right now but nothing requiring clearance. I'm far from any place that needs them and frankly, it's Canada, what secrets?

Yeah, your right, no one gets through the ranks by giving anything away and that's part of the problem, the right people aren't interested in the job.

It's back to the same problem, competitive compensation. That begs the question of how to attract talent. The flip side is that maybe not putting things online would reduce need, or at the least, minimize what the impact would be if something was compromised.

Re: DT In the news... Government, CyberSecurity, Inter-Agency cooperation

Perhaps someone with a poly could create a Defcon contest. If anything it would be good for laughs.

Wish I had a soul to sell, mine is mortgaged to the hilt.


xor

Re: DT In the news... Government, CyberSecurity, Inter-Agency cooperation

I don't think splitting is really needed... it is not like we have competition between two different topics in the same thread. (We are in the middle of October during one of the slow times on the forum.) It seems more like the topic of this thread evolved with no dissension. Any mods that still wants to split it can do so if they want, but at this point, I don't think enough would be gained to justify the splitting, so I won't be splitting it. (I'm lazy. ;-)

Carry-on. :-)

Re: DT In the news... Government, CyberSecurity, Inter-Agency cooperation

Perhaps someone will split the thread.

Have you worked in the Government (employee or contractor)?

It's pretty much ALL about control....

I've seen some organizations/entities cooperate, but even then, it's about what they can get out of it.

Also, most Government employees (I'm not speaking of elected officials) really don't think of it is tax paper money, or even if they do, they really don't care.

Maybe other people here in this thread have other perspectives, but that's what I've seen on all levels of Government (Local, County, State, Federal)..

Don't get me wrong, there are good government employees. However, if you want to rise in the ranks to the positions where you control something like open sourcing a project, you probably had to sell part of your soul somewhere along the lines.

Re: DT In the news... Government, CyberSecurity, Inter-Agency cooperation

Well...I don't know how they do things up in Communist Canadidia, but here in the good old US of Fuckin' A the problem is that the only governement or government contractor positions that seem to pay decently enough to compete with the corporate world require clearances.

Many agencies ridiculously over classify though....but that's a completely different discussion.

Re: DT In the news... Government, CyberSecurity, Inter-Agency cooperation

Another thing to consider is that not all problems needing to be solved are secret. I've been working on an idea that since it's public money being spent, the public should reap the results more directly.

Often a project or problem has gobs of money thrown at it and it fails for whatever reason part way through. If applicable, why not open source it back to those who paid for it. At the very least something one department does half of before deciding to abandon it could save some other department a huge amount of work. Very much the open source mentality but applied to public projects. Often the project itself is not secret, just the contents.

I'm also wondering what the potential for small projects or general 'we'd like it if this happened' could be posted somewhere and the public given an opportunity to solve the problem.

There is an interesting situation up here where the gov funded a web app that would give you clear, side by side comparisons of the end cost of different plans between cell phone carriers. Obviously the carriers threw a fit and it was stopped, however there was an interesting call that since the development was paid for with public money, why not release it to the public and let them finish it.

Much of this whole debate has been edicts of 'be more secure' without any followup guidance. Like most security, it's best if those being protected are given opportunity to be part of the process rather than seen as the problem (i.e. airport security).

The fact that we have a twinge of guilt or worry about being 'caught' being curious about our security is proof that something is wrong. If the security is good enough, it should stand up to me taking photo's of it and insensitive enough to tolerate general poking. If I do find something of concern, who do I call without fear of being jackbooted?

Yes I know this is very idealistic and pie in the sky, but it's a start. Comment away!

Re: DT In the news... Government, CyberSecurity, Inter-Agency cooperation

URL3: Part 2: Q&A with Jeff Moss on computer hacking

This is a part 2. This covers history, and opportunities. It covers questions about how much work it takes to become skilled in a discipline, and more.

Re: DT In the news... Government, CyberSecurity, Inter-Agency cooperation

Okay, I admit it. I was just looking for other people to throw under the bus.

There are an amazing number of clearances that don't require (or even need) polygraphs. Poly stuff is usually for SCI/SAR kinds of things, and is too expensive to waste on garden variety Q and Secret clearances. The investigation alone is hideously expensive (and the company you work for pays, not the fedgov); adding in the cost of a poly would be insane and pointless.

On the other hand...

Actually, no they can't. I'm not a fan of them. I've seen far too many innocent people fail because they just couldn't control the nervousness. Still, every time I hear someone brag about how they beat a poly, I look for evidence, and I'm not seeing a lot of it. Do I think they're accurate? I think flipping a coin is more useful. However, the person giving and interpreting the poly for the clearance world is a much different animal than your one step above a sideshow police world.

I know that someone, somewhere, just read that statement, and is now annoyed with me. So it goes.

Yes, indeed, I've taken polygraphs. I've never had to take a lifestyle poly, but that's because I'm very good at sidestepping anything that would have required one. I should add that usually, by the time you're in a position where they'll want you to take a poly, you've been working for a while, you've had background investigations, and you're working in a pool of people that are going to pay attention to your behavior.

Here's a fairly informative article:

http://www.washingtonpost.com/wp-dyn...061901415.html

Re: DT In the news... Government, CyberSecurity, Inter-Agency cooperation

In the immortal words of George Constanza, "It's not a lie, if you believe it".

Re: DT In the news... Government, CyberSecurity, Inter-Agency cooperation

Thanks for the vote of confidence, but I've never held a DOD or DOE clearance, so I wouldn't have the foggiest idea of what's required. Actually, from what I've heard in the past, I may be ineligible for them. My clearances (as such) were always on the state level.

Besides, I'd probably get turned down for a Federal clearance since I distrust polygraphs exams to the point where I have never taken one, and have no intention of ever doing so. While the machines merely measure some basic physiological functions, the "exams" are nothing but voodoo science, and there is a very good reason that courts don't allow them. I have it on good authority that the average person can beat one in no less than thirteen different ways.

Re: DT In the news... Government, CyberSecurity, Inter-Agency cooperation

To make what I said even more clear...

I do not have plans (myself) to be on a stage. I don't like the cameras, I don't like the attention. I'll be happy to contribute from the sidelines, but I am stating for the record that I do not want to be on a panel.

I think you're subscribed over on dc-stuff, which means you have an email address for me. If you'd like offline input (especially from the investigative side), I'm quite fine with that. I think this has the potential to be a good talk, and would probably be very interesting to most folks, and answer a lot of questions.

You and Thorn (and others) would be great up there on the stage, under the lights.